With the advent of the Internet, there is an increasing need to scan data received from un-trusted networks and servers prior to downloading the same. Such scanning is typically carried out by software executed utilizing a central processing unit (CPU) of the downloading computer. Of course, such software must share the computing resources of the CPU with other software application programs running on the computer.
As network connectivity and bandwidth improves, the amount of such data that can be downloaded (and thus must be scanned) can be quite considerable. For instance, in the context of downloading data utilizing hypertext transfer protocol (HTTP), a scanner may be required, for each “page” of data, to scan scripts, data, and various sub-files that may make up a typical page, generated utilizing hypertext mark-up language (HTML). Just by way of example, HTTP “get” verbs are often employed to reference as many as 50 or more pictures (i.e. gifs, tiffs, etc.).
Unfortunately, this requires the scanner to “drop” some data (without scanning the same) to prevent the scanning process from utilizing an amount of computing resources that is greater than that available.
To provide a solution for the foregoing problem, scanning techniques have been developed to afford a maximum amount of security while minimizing the amount of system resources used to provide such security. One example of such techniques is to conditionally scan files based on a type of file that is being released to a requestor. It is known that executable files and macro files are more susceptible to virus propagation with respect to data files, i.e. image files, text files, etc. As such, scanners have been configured to allow certain files such as data files to be released with less security measures than executable and macro files.
Unfortunately, such techniques are still inadequate to provide the resource-savings necessary for desired performance levels of computers of today. In response, solutions have been proposed where network scanning may be carried out in the context of a network interface circuit board or card (NIC) that collects network traffic and/or related information from a network. In a typical computer system interconnected to a network, a NIC acts as an interface between the CPU and a computer network. The NIC of the present solution performs the necessary interface functions for transmitting and receiving data over the computer network, as well as offloading some of the scanning tasks from the CPU.
While such scanning-equipped NIC's have, to a certain extent, addressed the need to offload CPU's, they have not incorporated the various features (i.e. the conditional scanning set forth hereinabove, etc.) that are utilized in the context of CPU-driven solutions. Moreover, there are additional problems with optimizing such scanning-equipped NTC solutions to reflect the latest scanning techniques, which are constantly changing.